FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Application Security Engineer
R2 CompaniesApplication Security Engineer ensuring operational efficiency and security at fintech, conducting code reviews and implementing security processes. Collaborating with engineering and product teams to enhance security posture.
Tech Stack
Tools & technologiesCloudGoKubernetesMicroservices
About the role
Key responsibilities & impact- Conduct secure code reviews for Go-based microservices and identify vulnerabilities early in the development cycle
- Perform security testing of APIs, web applications, and backend services before they reach production
- Establish and evolve secure coding standards, guardrails, and reusable patterns for engineering teams
- Lead threat modeling sessions with engineering and product teams at the design phase of new features and services
- Define and enforce security gates in CI/CD pipelines: SAST, DAST, SCA, and secrets scanning with blocking criteria for high-severity findings
- Own the DAST process end-to-end: tool selection, scheduling, escalation workflows, and remediation tracking
- Integrate container image scanning and infrastructure-as-code (IaC) security checks into deployment pipelines
- Support hardening initiatives across Kubernetes, ingress, and workloads
- Contribute to the security observability program by defining and tuning alerting rules for authentication anomalies and suspicious API usage
- Drive the adoption of secure development across engineering teams by providing guidance, training, and hands-on support
- Build and maintain security documentation, runbooks, and standards
- Triage, prioritize, and track remediation of security findings across the platform
- Coordinate external penetration tests and work with vendors on scope, debriefs, and remediation plans
- Sit with product and business teams to understand risk from a product perspective
- Ensure there are no open high-severity findings older than 30 days
Requirements
What you’ll need- 3–5 years of experience in application security, product security, or a similar role
- Hands-on experience with SAST/DAST tools (Snyk, Checkmarx, OWASP ZAP, Burp Suite, or equivalent)
- Solid knowledge of OWASP Top 10 for web and APIs and real-world exploitability assessment
- Experience reviewing code in Go or similar compiled languages
- Familiarity with Kubernetes, containers, and cloud-native architectures
- Strong written and verbal communication, able to explain security risks clearly to both engineers and non-technical stakeholders
- Self-driven and comfortable working with autonomy in a fast-paced environment
- English proficiency — written and spoken (required)
- Certifications such as OSCP, OSWE, CEH or eWPT
- Experience with Istio or service mesh security
- Familiarity with compliance frameworks such as ISO 27001, GDPR, or SOC 2
- Threat modeling experience (STRIDE, PASTA, or similar)
- Experience in fintech or regulated environments.
Benefits
Comp & perks- The chance to join a high-impact, mission-driven fintech with regional scale
- Cross-functional collaboration with exceptional teams across Latin America
- Equipment provided by R2
- Training budget for professional development
- Career growth within R2
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Secure Code ReviewsSecurity TestingVulnerability AssessmentCI/CD Security GatesContainer Image ScanningInfrastructure-as-Code SecurityOWASP Top 10Code Review in GoCompliance FrameworksExploitability Assessment
Soft Skills
Strong CommunicationSelf-DrivenAutonomous Work
Certifications
OSCPOSWECEHEWPT